Comodo HackerGuardian PCI Approved Scanning Vendor


Creating Trust Online™
Enterprise Security Solutions™

Comodo HackerGuardian PCI Approved Scanning Vendor
Compliancy drives commerce: A reseller's Case Study - Merchant-Accounts.ca
May 2008

PCI Data Security Compliance: What is PCI Compliancy?

Time and time again hackers break into websites and steal millions of records containing consumers' sensitive information. In response to this escalating financial and personal identity threat, the Payment Card Industry (PCI) Data Security Council was formed by American Express, Visa, MasterCard, JCB and Discover. The PCI Council maintains the security standards for businesses that collect, store and process credit card data. Importantly, to drive adoption, the credit card companies have increasingly imposed penalties on businesses and credit card processors that suffer a security breach due to a lack of compliance with these standards. Worse, businesses which choose not to comply risk escalated penalties and may be denied the right to process card transactions altogether.

PCI compliance regulations define specific security practices, with audit and affirmation requirements that all businesses must meet. Level 1 merchants, defined as businesses that process over 6,000,000 annual transactions, and organizations that have had a data breach must also complete an on-site audit by a Qualified Security Assessor (QSA).

Key elements of compliance (all levels)

PCI compliance specifies a set of requirements to ensure that correct measures are taken to secure all data, both internally and externally.

1. Secure Network Design and Maintenance to ensure that there is a properly configured firewall to protect cardholder data. Further, hardware and software credentials and security configurations must be actively managed.
2. Cardholder data must be diligently protected. Data transmitted over publicly available networks must be encrypted.
3. A Vulnerability Management Program that includes regular network and application scans performed by a certified 3rd party, to detect security flaws which may be exploited by hackers. Anti-virus applications must be deployed and regularly updated.
4. Strong Access Control Measures that restrict physical and logical access to cardholder data. Access, through unique user IDs, is to be issued only on a need-to-know basis.
5. Regular Testing and Active Monitoring of all connected network resources having access to cardholder data.
6. Maintain an Information Security Policy and compliance verification program.

Validating Quarterly Compliance

To be compliant, all businesses must use the services of PCI approved companies to validate quarterly compliance by performing vulnerability scans. The results of these scans are issued in detailed compliance reports, which are then used for approval according to the specific card company requirements. The PCI Security Standards Council manages the process for security companies to become Approved Scanning Vendors (ASVs), and Comodo is an approved ASV.

CASE STUDY

The problem for Merchant-Accounts.ca

PCI compliance is a technically complex security standard. How can Merchant-Accounts.ca deliver an easy to understand PCI compliancy solution for its customers?

PCI compliance as a technical security standard is very stringent and complicated. Small online businesses may not have an IT department or team available to help them with complicated technical issues. Even for the experienced webmaster, the PCI security standard can appear daunting. Without support, some e-merchants may never make it through the process and may give up early on because of the perceived difficulty. The consequences can be severe, including fines, penalties or, worse, an inability to use credit cards to conduct online transactions.

The solution

Selecting a partner who can make it affordable, take away the guesswork and create clearly defined steps that the merchant can follow. Most importantly, give them access to people who can answer their questions about PCI compliance.

Initially, Merchant-Accounts.ca opted for giving their clients some recommendations on PCI solutions they could implement. Visa and MasterCard had provided a list of authorized PCI compliance scanning vendors. However, this was an inadequate approach, since customers were tasked with finding a company to work with that could help them achieve PCI compliance. This was further complicated by the fact that there is a significant variance in the different offerings available in terms of PCI compliance scanning. The pricing for these services varies greatly, and in some cases the services were just not targeted at (or even viable for) small and mid-sized businesses. The result was that Merchant-Accounts.ca customers were left unsupported with a slew of options to research.
In situations when a merchant ran into a problem, they often did not understand which party to approach with their issue and in some cases could get stuck in a back-and-forth situation between the PCI security vendor and the payment gateway. While Merchant-Accounts.ca has a technically proficient staff and can assist merchants with certain issues such as shopping cart configuration, PCI compliance (a very strict standard that often requires an organization to implement a root-and-branches overhaul of existing security practices) is not a core competency.

Ultimately, Merchant-Accounts.ca decided it needed to choose one provider to recommend that was easy to use for their customers and did not require Merchant-Accounts.ca to become PCI compliance experts. Therefore, there was a need to find a partner that met certain key requirements:

They had to be an Approved Scanning Vendor (ASV).
They had to have a simple to understand/deployable solution.
They had to provide cost effective solutions that are well within the budget of the typical small business.
They had to offer a comprehensive suite of security tools which provide an effective security scanning and PCI compliance solution, while being easy to use through an intuitive interface. Merchants needed to be able to log in and start receiving the benefit of these tools with a minimum investment of time and effort.
They had to provide excellent customer service in the event that merchants have a question. This is especially important because many of the clients are small businesses with limited IT resources.

Fundamentally though, Merchant-Accounts.ca realized they needed a provider who understood that PCI compliance is not what the merchant is interested in accomplishing. The merchant's concern is to build a successful e-commerce website, whereas PCI compliance is simply another step in the chain in order to accomplish this task. At the same time, the partner had to be able to support customers in this sometimes complex requirement where customers had limited funds, limited expertise and limited staff to carry out the needed functions.

The partnership: Comodo's HackerGuardian and Merchant-Accounts.ca

In choosing Comodo, Merchant-Accounts.ca was able to deliver a high level of technical efficacy for PCI scan compliancy in combination with a support infrastructure to make this easier for merchants. Comodo enabled Merchant-Accounts.ca to deliver a one-stop shopping experience to clients so they would not go off-site to find a required PCI service, which could have resulted in revenue loss for Merchant-Accounts.ca. More important, from a customer perspective, if the merchant had to source their own solutions, it would then become their responsibility to figure out how all the pieces must tie together. The typical small online merchant did not have the ability or proficiency to quickly locate a PCI security vendor that is cost-effective and will meet the needs of their business.

COMODO is in touch with the reality of running a small business, and works with small and mid-sized merchants to help them obtain the mandatory PCI scan as part of their compliant website environment. This close strategic partnership between Merchant-Accounts.ca and COMODO has enabled Merchant-Accounts.ca to offer PCI and daily security scanning service to clients. Because of the close working nature of the partnership, merchants are no longer working between two independent parties and can now find a solution under one roof.

The results: easy to buy, easy to deploy

Merchants are now seeing PCI compliance as a benefit to their business and a service of value, instead of a roadblock or hurdle that must be overcome.
Creating a clear path to follow and offering all the required services under one roof has helped merchants to successfully launch their websites more quickly and easily. With less time spent on confusing technical issues, and without needing to go out on their own to find a PCI compliance vendor, merchants can spend more time building, improving and promoting their website. This is a far better investment of a merchant's time, as it will result in increased sales and further the development and success of their business. Where merchants used to see PCI compliance as a roadblock to getting online, they now see it as an advantage for their business. Bundled with COMODO's daily security scanning, the merchants have greater confidence in their website and are better able to identify and rectify potential security issues before they become a problem.

Business Results:

The partnership with COMODO has dramatically improved productivity for Merchant-Accounts.ca staff, by letting COMODO supply PCI compliance scanning. This has allowed Merchant-Accounts.ca to focus on their core business: providing merchant accounts and credit card processing solutions.

Improved customer satisfaction on PCI-related issues, evidenced by a reduction of over 90% in follow-up phone calls requesting information regarding PCI compliance.

Where Merchant-Accounts.ca used to incur customer care costs from supporting PCI compliance inquiries, this has turned into a source of revenue by reselling the Comodo PCI Compliance solutions.

Accelerated PCI compliancy of customers: because merchants do not need to research an outsourced PCI compliance scanning solution, they are now achieving PCI compliance far more quickly. Merchants are completing the process and going live with credit card processing more than twice as quickly when compared to the amount of time the average merchant took to achieve compliance before the Comodo PCI solution was offered.

About Merchant-Accounts.ca

Merchant-Accounts.ca specializes in providing merchant accounts and credit card processing services to Canadian and international businesses. With a customer-centric focus, Merchant-Accounts.ca provides the highest level of customer service through a close working relationship with each individual merchant. Business owners receive the benefit of a one-on-one dedicated account representative who is available to assist with any and every issue related to the launch and marketing of an e-commerce website. By taking the time to work closely with each merchant, business owners are better able to complete their application, develop a more effective website, and go live with credit card processing more quickly.

Website: www.merchant-accounts.ca

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and E-Mail Certificates; award winning PC security software; vulnerability scanning services for PCI Compliance; secure e-mail and fax services. Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products.

Comodo Group, Inc.
525 Washington Blvd.
Jersey City, NJ 07310
United States
Tel: +1.888.256.2608
Tel: +1.703.637.9361
Fax: +1.201.963.9003
Email: EnterpriseSolutions@Comodo.com

Comodo CA Limited
3rd Floor, 26 Office Village, Exchange Quay
Trafford Road, Salford, Manchester M5 3EQ
United Kingdom
Tel: +44 (0) 161 874 7070
Fax: +44 (0) 161 877 1767

For additional information on Comodo, visit http://www.enterprise.comodo.com/